SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
References
Configurations
History
21 Nov 2024, 00:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/33072 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/32790 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/47282 - | |
References | () https://www.exploit-db.com/exploits/7424 - |
Information
Published : 2009-03-02 16:30
Updated : 2024-11-21 00:56
NVD link : CVE-2008-6365
Mitre link : CVE-2008-6365
CVE.ORG link : CVE-2008-6365
JSON object : View
Products Affected
adserversolutions
- ad_management_software
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')